JJ (@jjjutla)'s Twitter Profile
JJ

@jjjutla

@gecko_sec

ID: 1473532423740796930

Website: http://gecko.security | Joined: 22-12-2021 05:54:58

26 Tweets

111 Followers

203 Following

Garry Tan (@garrytan):

This demo is pretty interesting — they find 0 day intrusions. There's a whole world in which they should go find the 0 days that LLMs can find *before* the other LLMs do so

Garry Tan (@garrytan):

One of the most useful ways to evaluate people is through their unique insights and the best people observe and discover new unique insights absolutely all the time. They are meaning making machines instead of following mechanistically the beliefs issued to them.

Gecko Security (@gecko_sec):

quick recap before christmas of what we shipped: - js/ts/java support for our ai pentester - github bot that scans your branch at every pr - teams feature for companies that want to share scans/vulns - scan any repo using the github public url - code fixes for each

CVE (@cvenew):

CVE-2025-48889 Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Pr… cve.org/CVERecord?id=C…

#BSidesNYC (@bsidesnyc):

#BSidesNYC welcomes Gecko Security as a Megabit Sponsor for our conference on Oct 18, 2025. bsidesnyc.org Gecko finds business logic flaws and multi-step vulnerabilities that traditional SAST tools miss—without drowning you in noise. gecko.security

CVE (@cvenew):

CVE-2025-51463 Path Traversal in restore_run_backup() in AIM 3.28.0 allows remote attackers to write arbitrary files to the server's filesystem via a crafted backup tar file submitt… cve.org/CVERecord?id=C…

CVE (@cvenew):

CVE-2025-51480 Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted externa… cve.org/CVERecord?id=C…

CVE (@cvenew):

CVE-2025-51481 Local File Inclusion in dagster._grpc.impl.get_notebook_data in Dagster 1.10.14 allows attackers with access to the gRPC server to read arbitrary files by supplying p… cve.org/CVERecord?id=C…

CVE (@cvenew):

CVE-2025-51482 Remote Code Execution in ….server.rest_api.routers.v1.tools.run_tool_from_source in letta-ai Letta 0.7.12 allows remote attackers to execute arbitrary Python code… cve.org/CVERecord?id=C…

CVE (@cvenew):

CVE-2025-51464 Cross-site Scripting (XSS) in aimhubio Aim 3.28.0 allows remote attackers to execute arbitrary JavaScript in victims' browsers via malicious Python code submitted to t… cve.org/CVERecord?id=C…

CVE (@cvenew):

CVE-2025-51471 Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via… cve.org/CVERecord?id=C…

CVE (@cvenew):

CVE-2025-51459 File Upload vulnerability in agent.hub.controller.refresh_plugins in eosphoros-ai DB-GPT 0.7.0 allows remote attackers to execute arbitrary code via a malicious plugi… cve.org/CVERecord?id=C…

CVE (@cvenew):

CVE-2025-51479 Authorization bypass in update_user_group in onyx-dot-app Onyx Enterprise Edition 0.27.0 allows remote authenticated attackers to modify arbitrary user groups via cra… cve.org/CVERecord?id=C…

CVE (@cvenew):

CVE-2025-51458 SQL Injection in editor_sql_run and query_ex in eosphoros-ai DB-GPT 0.7.0 allows remote attackers to execute arbitrary SQL statements via crafted input passed to the … cve.org/CVERecord?id=C…

CVE (@cvenew):

CVE-2025-51475 Arbitrary File Overwrite (AFO) in superagi.controllers.resources.upload in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to overwrite arbitrary files via… cve.org/CVERecord?id=C…

CVE (@cvenew):

CVE-2025-51462 Stored Cross-site Scripting (XSS) vulnerability in api.apps.dialog_app.set_dialog in RAGFlow 0.17.2 allows remote attackers to execute arbitrary JavaScript via crafte… cve.org/CVERecord?id=C…

CVE (@cvenew):

CVE-2025-51472 Code Injection in AgentTemplate.eval_agent_config in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to execute arbitrary Python code via malicious values … cve.org/CVERecord?id=C…

Y Combinator (@ycombinator):

Gecko’s (Gecko Security) AI SAST scanner found 30+ zero-day vulnerabilities in major open source projects that no AppSec tool found. Here’s how they did it: gecko.security/blog/gecko-30-…